Crypto hacking remains a persistent threat, according to an update from Chainalysis which also noted that the four years in the past decade individually saw more than a billion dollars worth of crypto stolen (2018, 2021, 2022, and 2023).
According to the research report from Chainalysis, 2024 marks the fifth year to reach this troubling milestone, highlighting how, as crypto adoption and prices rise, so too “does the amount that can be stolen.”
In 2024, funds stolen increased by “approximately 21.07% YoY to $2.2 billion, and the number of individual hacking incidents increased from 282 in 2023 to 303 in 2024.”
The Chainalysis report also mentioned that the intensity of “crypto hacking shifted about halfway through the year.”
In Chainalysis’ mid-year crime update, they noted that the “cumulative value stolen between January 2024 and July 2024 had already reached $1.58 billion, approximately 84.4% higher than the value stolen over the same period in 2023.”
As revealed in the available data and insights from Chainalysis, through the end of July, the ecosystem was “easily on track for a year that could rival the $3 billion+ years of 2021 and 2022.”
But 2024’s upward trend slowed “considerably after July, after which it remained relatively steady.”
In terms of the amount stolen by victim platform type, 2024 also “saw interesting patterns.”
The report from Chainalysis added that in most quarters between 2021 and 2023, decentralized finance (DeFi) platforms “were the primary targets of crypto hacks. It’s possible that DeFi platforms were more vulnerable because their developers tend to prioritize rapid growth and bringing their products to market over implementing security measures, making them prime targets for hackers.”
While DeFi still accounted for the largest share of stolen assets in the first quarter of 2024, centralized services “were the most targeted in Q2 and Q3.”
Some of the most notable centralized service hacks include DMM Bitcoin (May 2024; $305 million) and WazirX (July 2024; $234.9 million).
Chainalysis pointed out that this shift in focus from DeFi to centralized services highlights the “increasing importance of securing mechanisms commonly exploited in hacks, such as private keys.”
Private key compromises accounted “for the largest share of stolen crypto in 2024, at 43.8%. For centralized services, ensuring the security of private keys is critical, as they control access to users’ assets.”
Given that centralized exchanges “manage substantial amounts of user funds, the impact of a private key compromise can be devastating; we only have to look at the $305 million DMM Bitcoin hack, which is one of the largest crypto exploits to date, and may have occurred due to private key mismanagement or lack of adequate security.”
After compromising private keys, malicious actors often “launder stolen funds by funneling them through decentralized exchanges (DEXs), mining services, or mixing services to obfuscate the transaction trail and complicate tracing.”
In 2024, we can see that the laundering activity of private key hackers “differs meaningfully from that of hackers exploiting other attack vectors.”
For example, after stealing private keys, these hackers often “turned to bridges and mixing services.”
For other attack vectors, DEXs were “more popular for laundering.”
The Chainalysis report further revealed that hackers linked to North Korea have “become notorious for their sophisticated and relentless tradecraft, often employing advanced malware, social engineering, and cryptocurrency theft to fund state-sponsored operations and circumvent international sanctions. U.S. and international officials have assessed that Pyongyang uses the crypto it steals to finance its weapons of mass destruction and ballistic missiles programs, endangering international security.”
Last year, North Korea-affiliated hackers stole “approximately $660.50 million across 20 incidents; in 2024, this number increased to $1.34 billion stolen across 47 incidents — a 102.88% increase in value stolen.”
The report from Chainalysis concluded that these figures “represent 61% of the total amount stolen for the year and 20% of total incidents.”